{"url":"http://public2.vulnerablecode.io/api/packages/106065?format=json","purl":"pkg:composer/zendframework/zend-crypt@2.3.1","type":"composer","namespace":"zendframework","name":"zend-crypt","version":"2.3.1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.4.9","latest_non_vulnerable_version":"2.5.2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11761?format=json","vulnerability_id":"VCID-skyf-p5pm-7ybp","summary":"Potential Information Disclosure in Zend\\Crypt\\PublicKey\\Rsa\\PublicKey\nZend\\Crypt\\PublicKey\\Rsa\\PublicKey has a call to `openssl_public_encrypt()` which uses PHP's default `$padding` argument, which specifies `OPENSSL_PKCS1_PADDING`, indicating usage of PKCS1v1.5 padding. This padding has a known vulnerability, Bleichenbacher's chosen-ciphertext attack, which can be used to decrypt arbitrary ciphertexts. Users should upgrade to a fixed version unless they are not using the RSA public key 
functionality.","references":[{"reference_url":"http://framework.zend.com/security/advisory/ZF2015-10","reference_id":"","reference_type":"","scores":[],"url":"http://framework.zend.com/security/advisory/ZF2015-10"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7503","reference_id":"","reference_type":"","scores":[{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.4833","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7503"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1283137","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1283137"},{"reference_url":"https://framework.zend.com/security/advisory/ZF2015-10","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://framework.zend.com/security/advisory/ZF2015-10"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zend-crypt/CVE-2015-7503.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zend-crypt/CVE-2015-7503.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/CVE-2015-7503.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/
I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/CVE-2015-7503.yaml"},{"reference_url":"https://github.com/zendframework/zendframework","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/zendframework/zendframework"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7503","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7503"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53375?format=json","purl":"pkg:composer/zendframework/zend-crypt@2.4.9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-crypt@2.4.9"},{"url":"http://public2.vulnerablecode.io/api/packages/53376?format=json","purl":"pkg:composer/zendframework/zend-crypt@2.5.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-crypt@2.5.2"}],"aliases":["CVE-2015-7503","GHSA-pm9m-w23q-5967"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-skyf-p5pm-7ybp"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-crypt@2.3.1"}